A company’s security policy requires that all AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations.
Which solution is MOST secure?
A. At the organization’s root, define and attach a service control policy (SCP) that permits enabling CloudTrail only.
B. Create IAM groups in the organization’s management account as needed. Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail.
C. Organize accounts into organizational units (OUs). At the organization’s root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail.
D. Add all existing accounts under the organization’s root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.
How To Pass SAA-C02 Exam?Amazon SAA-C02 PDF dumps.High quality SAA-C02 pdf and software. VALID exam to help you pass. |
 |
